Safety Cases: Beyond Safety Management Systems
Dmitri Zotov
Origin of ‘Safety Case’
• The Robens Report, 1972:
– Mere compliance with regulations is not enough to assure safe operation
– The operator must ‘make a case’ that the operation is acceptably safe
Why a Safety Case? Piper Alpha
• On 6 July 1988, a series of explosions and fires destroyed the Piper Alpha oil platform and killed 167 people.
• The modern Safety Case has been influenced by the recommendations of the Cullen Inquiry into the Piper Alpha disaster.
• Lord Cullen noted in his report that compliance with detailed prescriptive regulations was not sufficient to ensure safety.
• Safety Case needed to be owned by the operators and was to be a “living document”.
Modern Offshore Safety Management Practices
• Operator responsible for safety.
• Responsibility to demonstrate case for safety via a performance based Safety Case – that is, demonstrate fitness for its intended context of use.
• Use of formal and structured hazard identification and analysis techniques.
• Results of hazard analysis used to drive design.
Benefits of a Safety Case Regime
Source: DNV
History Of Safety Cases And Regulation - Typical UK Reactive Sequence
Accident - Enquiry - Act of Parliament - Guidance
Potential Problems
• Cost
• Ownership
• Competency
• Move to non-prescriptive regulation
Safety Cases in Civil Aviation
• Part Safety Cases:
– Eurocontrol: RVSM
– UKCAA: unusual operations
• Delayed introduction of a full Safety Case regime:
– Absence of formal Inquiries in recent years
– Emphasis on SMS
Safety Case or Stand-alone SMS?
• A Safety Case is analogous to a Business Plan
• An SMS is analogous to an FMS
• An FMS won’t buy you much without a Business Plan
• An SMS won’t buy you much without a Safety Case
• An SMS is part of a Safety Case
Safety Cases in Civil Aviation
• Eurocontrol
– Partial Safety Cases, e.g. RVSM
– Draft Safety Case manual
• UK CAA
– Safety Cases required for Aerodromes and Air Traffic Services
– Under consideration for flight ops and maintenance
• FAA
– Guidance on Safety Cases for airworthiness standards (followed by ADF)
• Australia
– CASA: NAS
– Air Services: RVSM
Why It Matters to Investigators
• May lead to discovery of corporate factors behind an accident
• Can point to effective safety recommendations
The Ansett Case Study
• TOC analysis led to a very few core problems, but a large number of recommendations to address them
• All of the recommendations relating to the airline could be distilled into:
– Airlines should be compelled to operate within a Safety Case
What Is A Safety Case?
– “A documented body of evidence that provides a demonstrable and valid argument that a system or equipment is tolerably safe for use: within a defined envelope, throughout the proposed life of the equipment”. (UK MoD JSP 430).
– The body of evidence that the system is safe, together with the argument that makes sense of the evidence.
• No reference to Regulatory compliance: the exact opposite to an Exposition.
Structure Of A Safety Case
[Diagram: structure of a Safety Case. Labels: Resources; Assessors; Safety Committee; Safety Manager; Auditors; Strategy; Aim; Objectives; Safety Case Production; Through Life Management; Scope; Targets; Acceptance; Review / Audit; Safety Case; Safety Management System; Safety Case Report; Hazard Identification; Risk Assessment; Hazard Control; Safety Assessment; System Description; SMS Description; Emergency Procedures; Hazard Log; Supporting Argument]
Exposition, SMS and Safety Case
Exposition:
Term used by NZ CAA, and EASA (Maintenance regulations only)
A document
• Demonstrating compliance with Regulations
• Detailing Company structure, and
• Procedures which will be followed
Underlying Assumption: that compliance with the Regulations will assure safety
Exposition, SMS and Safety Case
Safety Management System:
• A function of service provision which ensures that safety risks have been identified, and the hazards driven down as far as reasonably practicable
• Assumption behind stand-alone system: that operating with a SMS, within a regulatory structure, will assure safe operation
Safety Case, Exposition and SMS
Examining a Safety Case
• Documentation:
– Organisation Description/Intent
– Operating History and Incidents
– Safety Cases and Hazard Assessments (components)
– Emergency and Contingency Arrangements
• Argument showing that evidence proves safe operation
• Safety Management System
• Risk assessment and review
Safety Assessment
[Diagram: the safety assessment process. Labels: Observation; Component FMECA; HAZOP, SWIFT; Historical accidents; Expert Judgement; Top event; Event Tree Analysis; Fault Tree Analysis; Consequence Analysis; Frequency Estimation; ALARP; Qualitative; Quantitative; Hazard Identification; Hazard Assessment; Safety Assessment; Hazard Analysis; Risk Assessment; Risk Analysis; Hazard Control]
As Low As Reasonably Practicable
Setting ALARP Levels
UK Rail has set target levels in two ways:
• Small operator: qualitative
• Large operator: quantitative
Eurocontrol has set quantitative levels:
• Intolerable: 2 x TLS
• Acceptable: .02 x TLS
A Safety Case needs to be Pragmatic
Not suitable for children under 3 years old
If swallowed seek medical advice
Summary
• Safety Case to prove operations are adequately safe is world’s best practice
• Being progressively mandated in hazardous industries world-wide
• In accident investigation, comparing the Safety Case with reality can give clues to what went wrong
• Safety Recommendations made in terms of modifying a Safety Case may have generic application